Soumettre #635801: Portabilis i-Educar 2.10 SQL Injectioninformation

TitrePortabilis i-Educar 2.10 SQL Injection
DescriptionSQL Injection (Boolean-Based) Vulnerability in id Parameter on /RegraAvaliacao/view?id=[id] Endpoint Summary A SQL Injection vulnerability was identified in the /module/RegraAvaliacao/view?id=[id] endpoint of the i-educar application, specifically in the id parameter. This vulnerability allows attackers to execute arbitrary SQL commands on the backend database, potentially compromising the confidentiality, integrity, and availability of application data. Details Vulnerable Endpoint: /module/RegraAvaliacao/view?id=[id] Parameter: id The application fails to properly validate and sanitize user input in the id parameter. As a result, attackers can inject crafted SQL payloads that are executed directly by the database. This could allow database enumeration, data exfiltration, modification, or denial of service via time-based delays. PoC Step by Step: Install sqlmap tool and type the command below: Payload: sqlmap -u "http://localhost:8086/module/RegraAvaliacao/view?id=1" -p id --cookie="i_educar_session=qEk2wbjxS5IbECJGqnIa0dbmIyI3XIsXqm3WSh6K" \ --dbms=PostgreSQL --technique=B --dbs --batch sqlmap begins to test a lot of SQLi in id parameter until find a boolean-based blind: image 1: https://github.com/KarinaGante/KGSec/raw/main/CVEs/images/SQLi6.png Some time after, sqlmap will list of available databases confirming that SQLi: image 2: https://github.com/KarinaGante/KGSec/raw/main/CVEs/images/SQLi7.png Still using sqlmap and discovering tables and columns it becomes possible to enumerate this information: image 3: https://github.com/KarinaGante/KGSec/raw/main/CVEs/images/SQLi8.png Impact Unauthorized data access: Reading sensitive information such as credentials, personal data, or configuration details Database enumeration: Extracting database schema, tables, and column details Data manipulation: Adding, modifying, or deleting database records. Denial of Service (DoS): Using time-based queries to impact system availability. Potential escalation to RCE: If combined with other vulnerabilities and specific database features. Finder Discovered by Karina Gante.
La source⚠️ https://github.com/KarinaGante/KGSec/blob/main/CVEs/i-educar/12.md
Utilisateur
 karinagante (UID 88113)
Soumission16/08/2025 01:12 (il y a 10 mois)
Modérer27/08/2025 09:34 (11 days later)
StatutAccepté
Entrée VulDB321551 [Portabilis i-Educar jusqu’à 2.10 /RegraAvaliacao/view ID injection SQL]
Points20

PrécédentAperçuSuivant

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!